Skip to content

CA-2: Control Assessments

An OSCAL Control

Statement

    • a.

      Select the appropriate assessor or assessment team for the type of assessment to be conducted;

    • b.

      Develop a control assessment plan that describes the scope of the assessment including:

      • 1.

        Controls and control enhancements under assessment;

      • 2.

        Assessment procedures to be used to determine control effectiveness; and

      • 3.

        Assessment environment, assessment team, and assessment roles and responsibilities;

    • c.

      Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

    • d.

      Assess the controls in the system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements;

    • e.

      Produce a control assessment report that document the results of the assessment; and

    • f.

      Provide the results of the control assessment to .